about new password
Posted: Tue Mar 24, 2009 9:47 pm
by missright
If the user forgets the password, they will require it. However, can the system provide the user's original password to the user, instead of generating a new password for them? Is it possible to change this feature?
Re: about new password
Posted: Tue Mar 24, 2009 10:44 pm
by Qphoria
It can be done, but it's a huge security risk to be emailing their own passwords to people.
Re: about new password
Posted: Tue Mar 24, 2009 11:44 pm
by missright
So can you please tell me how to do this? Thanks...
Re: about new password
Posted: Wed Mar 25, 2009 12:10 am
by Qphoria
Actually, I'm wrong. I forgot that the password is md5 hashed. So it's not possible to do unless you store the password as plaintext from the start. Which is really really really insecure.
1. You'd need to add a new column in the customer database table called "password_text"
2. Then during account create, save the unencrypted password to the new password_text field
3. Then if customers forget, you can edit the catalog/controller/account/forgotten.php file to change:
Code:
$password = substr(md5(rand()), 0, 7);
to:
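Code:
$query = $this->db->query("SELECT password_text FROM `customer` WHERE email = '" . $this->db->escape($this->request->post['email']) . "'");
$password = $query->row['password_text']; // query() returns a result object, so read the column from its row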
Then change:
Code:
$this->model_account_customer->editPassword($this->request->post['email'], $password);
to
Code:
//$this->model_account_customer->editPassword($this->request->post['email'], $password);
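The alternative to the plaintext column discussed in this thread, as an added example that is not part of the original posts and is not OpenCart code: keep generating a new password on "forgotten", but draw it from a CSPRNG instead of md5(rand()) and store only a salted hash. The in-memory `$customers` array, the sample account and the function names are assumptions made for the illustration.

```php
<?php
// Added example (not OpenCart code). $customers is a constructed in-memory
// stand-in for the customer table; all function names are hypothetical.
$customers = [
    'alice@example.com' => [
        'password' => password_hash('original-secret', PASSWORD_DEFAULT),
    ],
];

// Build a temporary password from the OS CSPRNG rather than md5(rand()).
// Look-alike characters (0/O, 1/l/I) are left out of the alphabet.
function generateTemporaryPassword(int $length = 12): string
{
    $alphabet = 'abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789';
    $max = strlen($alphabet) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// Forgotten-password handler: replaces the stored hash and returns the
// value to mail. Returns null for an unknown address so the caller can
// show the same response either way.
function resetPassword(array &$customers, string $email): ?string
{
    if (!isset($customers[$email])) {
        return null;
    }
    $temporary = generateTemporaryPassword();
    $customers[$email]['password'] = password_hash($temporary, PASSWORD_DEFAULT);
    return $temporary;
}

$mailed = resetPassword($customers, 'alice@example.com');
$stored = $customers['alice@example.com']['password'];

// The database row holds only a salted hash, so there is no original
// password to read back and mail; the reset invalidates the old one.
$checks = [
    'temporary password verifies' => password_verify($mailed, $stored),
    'old password rejected'       => !password_verify('original-secret', $stored),
    'plaintext absent from row'   => strpos($stored, $mailed) === false,
    'unknown address gives null'  => resetPassword($customers, 'nobody@example.com') === null,
];
foreach ($checks as $label => $ok) {
    echo ($ok ? 'PASS' : 'FAIL') . "  $label\n";
}
```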